Black Hat Europe: 5 TakeawaysHacking Via Drone, Raspberry Pi Attacks Dominate Event
Information security is hot in Europe. To wit: The Black Hat Europe conference in Amsterdam broke attendance records. While 800 people were projected to attend, total attendance topped 1,000, which is double the audience seen last year.
Furthermore, half of the conference attendees - who came from 68 countries - attended Black Hat for the first time, conference founder Jeff Moss said in this year's conference-kickoff speech.
Black Hat Europe has one overriding rule: Never, ever use the Wi-Fi
Once again, this year's event featured an assortment of updates on the very latest hacking threats, including:
- Innovative drone attack cooked up by the inventor of a famous cryptographic algorithm;
- Warnings of flaws in a widely used two-factor authentication specification; and
- Interplanetary networking technology that was modified to provide low-cost "Endrun" connectivity in hot zones and war zones.
Here are more highlights and takeaways from this year's well-attended gathering:
Less scruff: While the increased attendance figures resulted in a notable buzz across briefing halls and public spaces, it also meant the conference outgrew the Grand Hotel Krasnapolsky, where it's been held in recent years. The centrally located Krasnapolsky, which also bordered the city's notorious red-light district, provided Old World charm - read: well-worn dÃ©cor - befitting a conclave of European hackers. But this year, the conference was forced to decamp to south of the city center, taking up residence in the massive, modern Amsterdam RAI complex. For good or bad, that gave the proceedings a more grown-up feel: less scruff, but with great airport public-transport links.
Watch the Wi-Fi: Like "Fight Club," Black Hat Europe has one overriding rule, although you can talk about it: Never, ever use the Wi-Fi. Because no matter how great your hacker mojo, odds are you're going to get owned by a hotspot vulnerability you never saw coming, unless you've attended the related 3 p.m. briefing.
Beware Bluetooth: While Black Hat lacks Defcon's renowned Wall of Sheep - which lists the passwords of anyone who's been silly enough to use the Wi-Fi - events took a decidedly more modern turn this year, with Symantec security researcher Candid WÃ¼eest surreptitiously cataloging all devices that were using Bluetooth low energy, or BTLE. Luckily for attendees, however, WÃ¼eest's goals centered on researching wearable-computing devices and privacy.
Get Fit: Out of a conference of 1,000 people, on the first day of Black Hat, WÃ¼eest tells me he saw 203 active BTLE devices, many of which he believes were beacons. Perhaps surprisingly for a crowd that often prides itself on its consumption of Club-Mate - a caffeinated, carbonated, mate-extract beverage - WÃ¼eest even found 21 fitness wearables, including 7 Fitbit Flex, 4 Jawbone UP24, 3 Fitbit One, and 2 Nike devices. But he does admit that at least one of the wearables was being worn not by an attendee, but rather by an Amsterdam RAI staff member he had to trail for several minutes, to record usable data.
WÃ¼eest also saw 10 Nokia phones, as well as 11 BlackBerry devices. "So they are still popular," he tells me - or at least as popular as wearable fitness devices at a hacking convention.
Make Mine "Raspberry Pi": Forget MiFi routers, SOHO devices or Shodan-enabled hacks. While those have been hot topics at previous Black Hat Europe conferences, the autumn 2014 de rigueur hacker accessory is, without a doubt, Raspberry Pi. For those not in the know, that's a credit-card-sized computer that packs as much punch as a desktop CPU from just four or five years ago, while only costing about $60 for a well-equipped model with case.
Examples of innovative Raspberry Pi use abounded:
- Alexey Osipov and fellow penetration-testing expert Olga Kochetova using theirs to hack ATMs without using malware;
- Symantec's WÃ¼eest employing several, plus Bluetooth dongles, for sniffing data from fitness wearables;
- Endrun creators Brendan O'Connor and Grant Dobbe, perhaps achieving maximum hacker cred, not only using theirs as nodes in a disruption-tolerant network they created, but packaging them in a bright-orange case, custom-made by O'Connor using a 3D printer.
Top that, Black Hat Europe 2015.